how to stop Whm/cpanel from broadcasting user names?


Well-Known Member
Jun 25, 2003
Spammers send spam to [email protected]

I've found ways of solving that problem, here and abroad, however, one thing that has bothered me is how the spammers get the "username" in the first place. The clients username should be protected just like their password.

But somehow whm/cpanel seems to be broadcasting this information. I have setup test accounts with jibberish usernames and sure enough it'll start getting spam if I don't take care of it.

So how do we stop cpanel/whm from providing a list of user names on the box?


Well-Known Member
Verifed Vendor
Jun 15, 2002
Go on, have a guess
Well, only user hosted on the server can get a list of actual usernames. What you're most likely seeing are what are known as dictionary attacks. You can protect against those using an exim ACL that blocks the spammer after a number of attempts: